adfoster-r7
a9f5c11d68
Land #18484, add ability to follow payload override in shell to meterpreter
2024-01-03 12:05:29 +00:00
Zach Goldman
90d3d6fc0a
testing for opt_enum changes
2023-12-11 09:08:54 -06:00
Jack Heysel
3bad98afc6
Land #18488, add kerberos_tickets post module
...
Adds a module to manage kerberos tickets from a compromised
host. This PR also includes rail gun enhancements.
2023-12-07 19:12:48 -05:00
Zach Goldman
56afed78ff
fix optenum, add documentation, fix issue with unset values
2023-12-04 18:03:28 -06:00
Zach Goldman
095540cea6
Enhance ability to follow payload override in shell to meterpreter
...
Update modules/post/multi/manage/shell_to_meterpreter.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
payload override
2023-12-04 12:01:28 -06:00
Spencer McIntyre
13ae9fcded
Refactor things in #decrypt_data
...
* Check that the initial memory was actually allocated before writing to it
* Don't pass 16 to CryptUnprotectData as the ppszDataDescr parameter because it is not a valid LPWSTR
* Don't leak memory in the event that CryptUnprotectData by ensuring mem and addr are always freed
* Combine free calls into one for speed
* Don't assume the session is ARCH_X64 if it is not ARCH_X86 because that may change some day
2023-11-20 16:40:42 -05:00
bwatters
b5aeab0c9f
Merge #18491, Add Module for PL/SQL Developer to gather credentials
...
Merge branch 'land-18491' into upstream-master
2023-11-09 11:18:52 -06:00
Jemmy Wang
893da00c6a
Modify Table DisplayName and password matching regex
2023-11-09 13:58:14 +08:00
Jemmy Wang
a4750b11bc
Optimize AES key
2023-11-09 05:26:20 +08:00
Jemmy Wang
9c23f86d83
Add support for v15 new encryption algorithm
2023-11-09 05:08:27 +08:00
Jack Heysel
06369281b9
Land #18503, Apache Nifi Cred Stealer Post Module
...
This PR adds a post module to steal config and credential
information for Apache NiFi.
2023-11-07 20:05:10 -05:00
jheysel-r7
7331db43dd
Update print statement
2023-11-07 18:55:42 -05:00
Jemmy Wang
d4166098a8
Update to be compatible for PL/SQL 14
2023-11-08 01:15:22 +08:00
h00die
87cd4aac5e
spelling fix
2023-11-07 05:04:31 -05:00
h00die
f1317fa050
review comments
2023-11-06 18:34:36 -05:00
h00die
0ce7b03397
update nifi credentials post module
2023-11-06 14:50:02 -05:00
Jack Heysel
ce5188a76c
Land #18218, improve Windows checkvm post module
...
This PR includes a number of enhancements to the windows
checkvm post module, including reducing the number of requests
sent to the targets among other things.
2023-11-03 12:17:06 -04:00
jheysel-r7
23110e2ee3
Update modules/post/windows/gather/checkvm.rb
2023-11-03 11:18:55 -04:00
h00die
42cf28dbbe
nifi creds stealer
2023-11-02 06:56:33 -04:00
Jemmy Wang
763fae6cd7
Fix typo to pass msftidy
2023-11-02 10:41:53 +08:00
Spencer McIntyre
7b76cc01f9
Add x86 support to windows/manage/kerberos_tickets
2023-10-27 12:47:19 -04:00
Spencer McIntyre
54bce7fcb5
Add module docs
2023-10-27 12:47:19 -04:00
Spencer McIntyre
b44bf1ce7e
Resolve the ticket host
2023-10-27 12:47:19 -04:00
Spencer McIntyre
7137820381
Refactor the module and update output handling
2023-10-27 12:47:19 -04:00
Spencer McIntyre
79a3e756b3
Add the ENUM_LUIDS action
2023-10-27 12:47:19 -04:00
Spencer McIntyre
98906a5976
Add the SHOW_LUID action, refactor printed output
2023-10-27 12:47:19 -04:00
Spencer McIntyre
7b4caf79f8
Move the code into libraries for reuse
2023-10-27 12:47:19 -04:00
Spencer McIntyre
3a6086d88b
Initial kerberos_tickets WIP
2023-10-27 12:47:19 -04:00
Spencer McIntyre
5b5d5ade40
Free data using the new util API
2023-10-27 12:47:19 -04:00
Jemmy Wang
93c13ad6a7
Apply document suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-27 02:02:00 +08:00
Jemmy Wang
013e4b5af2
Add Module for PL/SQL Developer to gather credentials
2023-10-26 19:38:02 +08:00
Christophe De La Fuente
9e5e57390f
Land #18194, Useradd post module
2023-10-25 19:29:59 +02:00
Christophe De La Fuente
14a5aaab98
Fix small typo
2023-10-25 19:28:23 +02:00
Corey
60b72fb4be
remove vmicheartbeat from hyperv_services
2023-10-16 17:27:37 -04:00
gardnerapp
9ee838d08e
Update modules/post/windows/gather/checkvm.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-16 17:21:32 -04:00
cgranleese-r7
3da17d2775
Addresses PR feedback
2023-10-12 10:59:29 +01:00
Corey
5ffac9af0c
pull changes
2023-10-09 15:29:14 -04:00
Corey
0863645fdb
remove false positive
2023-10-09 15:27:12 -04:00
gardnerapp
b0929fe445
Update modules/post/windows/gather/checkvm.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-09 15:24:26 -04:00
gardnerapp
93d5736f72
Update modules/post/windows/gather/checkvm.rb
...
correct spelling
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2023-10-09 15:23:19 -04:00
Corey
9f795574cd
Change spelling error
2023-10-09 15:18:38 -04:00
Corey
dabf0b54e3
Add @processes and @services to run
2023-10-09 15:16:30 -04:00
cgranleese-r7
87d108aab5
Removes Meterpreter logic
2023-10-03 09:53:02 +01:00
cgranleese-r7
6fdcc43530
Removes mixin
2023-09-21 14:35:13 +01:00
cgranleese-r7
461e661d06
Makes improvement to enum_computers module
2023-09-20 12:50:39 +01:00
Corey
fadd9afb56
Rubocop corrections
2023-09-17 18:23:27 -04:00
Corey
dd03ad30d0
minor changes to method argument names
2023-09-17 18:22:40 -04:00
Corey
ea63fe5652
store keys in instance variable to prevent multiple lookups
2023-09-17 18:22:40 -04:00
Corey
bcaf3b2a3b
continue changing nomenclature
2023-09-17 18:22:34 -04:00
Corey
9a8f7af321
Continue changing method names
2023-09-17 18:21:14 -04:00